[icinga-checkins] icinga.org: icingaweb2/master: monitoring/security: Guard delete comment action

git at icinga.org git at icinga.org
Tue Feb 3 16:13:29 CET 2015


Module: icingaweb2
Branch: master
Commit: 4ef5f0c813767fb18dd415e67aa9f36673de0315
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=4ef5f0c813767fb18dd415e67aa9f36673de0315

Author: Eric Lippmann <eric.lippmann at netways.de>
Date:   Tue Feb  3 16:11:56 2015 +0100

monitoring/security: Guard delete comment action

---

 library/Icinga/Web/Widget/FilterEditor.php         |   69 ++++++++++++++------
 .../Web/Controller/MonitoredObjectController.php   |    1 +
 2 files changed, 50 insertions(+), 20 deletions(-)

diff --git a/library/Icinga/Web/Widget/FilterEditor.php b/library/Icinga/Web/Widget/FilterEditor.php
index c7a240d..c515ee7 100644
--- a/library/Icinga/Web/Widget/FilterEditor.php
+++ b/library/Icinga/Web/Widget/FilterEditor.php
@@ -123,26 +123,55 @@ class FilterEditor extends AbstractWidget
     {
         $found = false;
         if ($filter->isChain() && $filter->getOperatorName() === 'AND') {
-            foreach ($filter->filters() as $f) {
-                if ($f->isExpression()
-                    && $f->getColumn() === $column
-                    && $f->getSign() === $sign
-                ) {
-                    $f->setExpression($expression);
-                    $found = true;
-                    break;
+            if (is_array($column)) {
+                foreach ($filter->filters() as $f) {
+                    if ($f->isChain() && $f->getOperatorName() === 'OR') {
+
+                    }
+                }
+            } else {
+                foreach ($filter->filters() as $f) {
+                    if ($f->isExpression()
+                        && $f->getColumn() === $column
+                        && $f->getSign() === $sign
+                    ) {
+                        $f->setExpression($expression);
+                        $found = true;
+                        break;
+                    }
                 }
             }
-        } elseif ($filter->isExpression()) {
-            if ($filter->getColumn() === $column && $filter->getSign() === $sign) {
+        } elseif ($filter->isExpression() && $filter->getSign() === $sign) {
+            if (is_array($column)) {
+                if (in_array($filter->getColumn(), $column)) {
+                    $or = Filter::matchAny();
+                    foreach ($column as $col) {
+                        $or->addFilter(
+                            Filter::expression($col, $sign, $expression)
+                        );
+                    }
+                    $filter = $filter->andFilter($or);
+                    $found = true;
+                }
+            } elseif ($filter->getColumn() === $column) {
                 $filter->setExpression($expression);
                 $found = true;
             }
         }
         if (! $found) {
-            $filter = $filter->andFilter(
-                Filter::expression($column, $sign, $expression)
-            );
+            if (is_array($column)) {
+                $or = Filter::matchAny();
+                foreach ($column as $col) {
+                    $or->addFilter(
+                        Filter::expression($col, $sign, $expression)
+                    );
+                }
+                $filter = $filter->andFilter($or);
+            } else {
+                $filter = $filter->andFilter(
+                    Filter::expression($column, $sign, $expression)
+                );
+            }
         }
         return $filter;
     }
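Review bot: The `is_array($column)` branch of the AND-chain case has an empty body (`if ($f->isChain() && $f->getOperatorName() === 'OR') { }`), so `$found` is never set there. Every repeated search on an AND filter therefore falls through to the `! $found` block and appends another OR group instead of updating the existing one. Either implement the replacement, or drop the no-op loop and leave `// TODO: update an existing OR group of search columns instead of appending`. In the single-expression case the membership test should stay strict like the scalar path, `if (in_array($filter->getColumn(), $column, true)) {`; that branch also keeps the old expression and ANDs the new OR group onto it rather than replacing it, which looks unintended. The method's signature and docblock lie outside the hunk and should state that `$column` may now be a string or an array of column names.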
@@ -183,25 +212,25 @@ class FilterEditor extends AbstractWidget
                 // TODO: Ask the view for (multiple) search columns
                 switch($request->getActionName()) {
                     case 'services':
-                        $searchCol = 'service_description';
+                        $searchCols = array('service_description', 'service_display_name');
                         break;
                     case 'hosts':
-                        $searchCol = 'host_name';
+                        $searchCols = array('host_name', 'host_display_name');
                         break;
                     case 'hostgroups':
-                        $searchCol = 'hostgroup';
+                        $searchCols = array('hostgroup', 'hostgroup_alias');
                         break;
                     case 'servicegroups':
-                        $searchCol = 'servicegroup';
+                        $searchCols = array('servicegroup', 'servicegroup_alias');
                         break;
                     default:
-                        $searchCol = null;
+                        $searchCols = null;
                 }
 
-                if ($searchCol === null) {
+                if ($searchCols === null) {
                     throw new Exception('Cannot search here');
                 }
-                $filter = $this->mergeRootExpression($filter, $searchCol, '=', "*$search*");
+                $filter = $this->mergeRootExpression($filter, $searchCols, '=', "*$search*");
 
             } else {
                 list($k, $v) = preg_split('/=/', $search);
diff --git a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
index d12bc77..cd2ed17 100644
--- a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
+++ b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
@@ -142,6 +142,7 @@ abstract class MonitoredObjectController extends Controller
     public function deleteCommentAction()
     {
         $this->assertHttpMethod('POST');
+        $this->assertPermission('monitoring/command/comment/delete');
         $this->handleCommandForm(new DeleteCommentCommandForm());
     }
 
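Review bot: `deleteCommentAction()` is the only action in this hunk that gains an `assertPermission()` call, so the other command actions of `MonitoredObjectController`, which lie outside the hunk, should be checked for an equivalent guard; whether they already have one is not visible here. The check sits on the abstract controller, so a subclass that overrides the action without calling the parent would skip it; a test that posts to the action without `monitoring/command/comment/delete` and expects a rejection would pin the behaviour. A docblock line on the action such as `Requires the monitoring/command/comment/delete permission` would record the contract. The unrelated FilterEditor search change travels under the same security subject, which makes the authorization fix harder to audit or backport on its own; splitting the two would help.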


